Monday, July 6, 2009

Under the rubric of cybersecurity, the Obama administration is moving forward with a Bush regime program to screen state computer traffic on private-sector networks, including those connecting people to the Internet, The Washington Postrevealed July 3.

That project, code-named "Einstein," may very well be related to the much-larger, ongoing and highly illegal National Security Agency (NSA) communications intercept program known as "Stellar Wind," disclosed in 2005 by The New York Times.

There are several components to Stellar Wind, one of which is a massive data-mining project run by the agency. As USA Todayrevealed in 2006, the "National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth."

Under the current program, Einstein will be tied directly into giant NSA data bases that contain the trace signatures left behind by cyberattacks; these immense electronic warehouses will be be fed by information streamed to the agency by the nation's telecommunications providers.

AT&T, in partnership with the Department of Homeland Security (DHS) and the NSA will spearhead the aggressive new initiative to detect malicious attacks launched against government web sites--by continuing to monitor the electronic communications of Americans.

This contradicts President Obama's pledge announcing his administration's cybersecurity program on May 29. During White House remarks Obama said that the government will not continue Bush-era surveillance practices or include "monitoring private sector networks or Internet traffic."

Called the "flagship system" in the national security state's cyber defense arsenal, The Wall Street Journalreports that Einstein is "designed to protect the U.S. government's computer networks from cyberspies." In addition to cost overruns and mismanagement by outsourced contractors, the system "is being stymied by technical limitations and privacy concerns." According to the Journal, Einstein is being developed in three stages:

Einstein 1: Monitors Internet traffic flowing in and out of federal civilian networks. Detects abnormalities that might be cyber attacks. Is unable to block attacks.

Einstein 2: In addition to looking for abnormalities, detects viruses and other indicators of attacks based on signatures of known incidents, and alerts analysts immediately. Also can't block attacks.

Einstein 3: Under development. Based on technology developed for a National Security Agency program called Tutelage, it detects and deflects security breaches. Its filtering technology can read the content of email and other communications. (Siobhan Gorman, "Troubles Plague Cyberspy Defense," The Wall Street Journal, July 3, 2009)

As readers of Antifascist Calling are well aware, like other telecom grifters, AT&T is a private-sector partner of NSA and continues to be a key player in the agency's driftnet spying on Americans' electronic communications. In 2006, AT&T whistleblower Mark Klein revealed in a sworn affidavit, that the firm's Internet traffic that runs through fiber-optic cables at the company's Folsom Street facility in San Francisco was routinely provided to the National Security Agency.

Using a device known as a splitter, a complete copy of Internet traffic that AT&T receives--email, web browsing requests and other electronic communications sent by AT&T customers, was diverted onto a separate fiber-optic cable connected to the company's SG-3 room, controlled by the agency. Only personnel with NSA clearances--either working for, or on behalf of the agency--have access to this room.

Klein and other critics of the program, including investigative journalist James Bamford who reported in his book, The Shadow Factory, believe that some 15-30 identical NSA-controlled rooms exist at AT&T facilities scattered across the country.

Einstein: You Don't Have to Be a Genius to Know They're Lying

But what happens next, after the data is processed and catalogued by the agency is little understood. Programs such as Einstein will provide NSA with the ability to read and decipher the content of email messages, any and all messages in real-time.

While DHS claims that "the new program will scrutinize only data going to or from government systems," the Post reports that a debate has been sparked within the agency over "uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency's involvement in warrantless wiretapping during George W. Bush's presidency would draw controversy."

A "Privacy Impact Assessment (PIA) for EINSTEIN 2" issued by DHS in May 2008, claims the system is interested in "malicious activity" and not personally identifiable information flowing into federal networks.

While DHS claims that "the risk associated with the use of this computer network security intrusion detection system is actually lower than the risk generated by using a commercially available intrusion detection system," this assertion is undercut when the agency states, "Internet users have no expectation of privacy in the to/from address of their messages or the IP addresses of the sites they visit."

When Einstein 3 is eventually rolled-out, Internet users similarly will "have no expectation of privacy" when it comes to the content of their communications.

DHS Secretary Janet Napolitano told reporters, "we absolutely intend to use the technical resources, the substantial ones, that NSA has." Seeking to deflect criticism from civil libertarians, Napolitano claims "they will be guided, led and in a sense directed by the people we have at the Department of Homeland Security."

Despite protests to the contrary by securocrats, like other Bush and Obama "cybersecurity" initiatives the Einstein program is a backdoor for pervasive state surveillance. Government Computer Newsreported in December 2008 that Marc Rotenberg, the executive director of the Electronic Privacy Information Center (EPIC) said that "the misuse or exposure of sensitive data from such a program [Einstein] could undermine the security arguments for surveillance."

And with Internet Service Providers routinely deploying deep packet inspection tools to "siphon off requested traffic for law enforcement," tools with the ability to "inspect and shape every single packet--in real time--for nearly a million simultaneous connections" as Ars Technicareported, to assume that ISPs will protect Americans' privacy rights from out-of-control state agencies is a foolhardy supposition at best.

The latest version of the system will not be rolled-out for at least 18 months. But like the Stellar Wind driftnet surveillance program, communications intercepted by Einstein 3 will be routed through a "monitoring box" controlled by NSA and their civilian contractors.

Under a classified pilot program approved during the Bush administration, NSA data and hardware would be used to protect the networks of some civilian government agencies. Part of an initiative known as Einstein 3, the plan called for telecommunications companies to route the Internet traffic of civilian agencies through a monitoring box that would search for and block computer codes designed to penetrate or otherwise compromise networks. (Ellen Nakashima, "Cybersecurity Plan to Involve NSA, Telecoms," The Washington Post, July 3, 2009)

However, investigative journalist Wayne Madsen reported last September "that the Bush administration has authorized massive surveillance of the Internet using as cover a cyber-security multi-billion dollar project called the 'Einstein' program."

While some researchers (including this one) question Madsen's overreliance on anonymous sources and undisclosed documents, in fairness it should be pointed out that nine months before The New York Timesdescribed the NSA's secret e-mail collection database known as Pinwale, Madsen had already identified and broken the story. According to Madsen,

The classified technology being used for Einstein was developed for the NSA in conducting signals intelligence (SIGINT) operations on email networks in Russia. Code-named PINWHEEL, the NSA email surveillance system targets Russian government, military, diplomatic, and commercial email traffic and burrows into the text portions of the email to search for particular words and phrases of interest to NSA eavesdroppers. According to NSA documents obtained by WMR, there is an NSA system code-named "PINWALE."

The DNI and NSA also plan to move Einstein into the private sector by claiming the nation's critical infrastructure, by nature, overlaps into the commercial sector. There are classified plans, already budgeted in so-called "black" projects, to extend Einstein surveillance into the dot (.) com, dot (.) edu, dot (.) int, and dot (.) org, as well as other Internet domains. Homeland Security Secretary Michael Chertoff has budgeted $5.4 billion for Einstein in his department's FY2009 information technology budget. However, this amount does not take into account the "black" budgets for Einstein proliferation throughout the U.S. telecommunications network contained in the budgets for NSA and DNI. (Wayne Madsen, "'Einstein' replaces 'Big Brother' in Internet Surveillance," Online Journal, September 19, 2008)

A follow-up article published in February, identified the ultra-spooky Booz Allen Hamilton firm as the developer of Pinwale, an illegal program for the interception of text communications. According to Madsen, "the system is linked to a number of meta-databases that contain e-mail, faxes, and text messages of hundreds of millions of people around the world and in the United States."

In other words both classified programs, Pinwale and Einstein, are sophisticated electronic communications surveillance projects that most certainly will train the agency's formidable intelligence assets on the American people "using as cover a cyber-security multi-billion dollar project called the 'Einstein' program," as Madsen reported.

AT&T: "No Comment"

An AT&T spokesman refused to comment on the proposals and is seeking legal protection from the state that it will not be sued for privacy breaches as a result of its participation in the new program. "Legal certification" the Post reports, "has been held up for several months as DHS prepares a contract."

NSA's involvement is critical proponents claim, because the agency has a readily-accessible database of computer codes, or signatures "that have been linked to cyberattacks or known adversaries. The NSA has compiled the cache by, for example, electronically observing hackers trying to gain access to U.S. military systems," the Post averred.

Calling NSA's cache "the secret sauce...it's the stuff they have that the private sector doesn't," is what raises alarms for privacy and civil liberties' advocates. Known as Tutelage, NSA's classified program can detect and automatically decide how to deal with malicious intrusions, "to block them or watch them closely to better assess the threat," according to the Post. "The database for the program would also contain feeds from commercial firms and DHS's U.S. Computer Emergency Readiness Team, administration officials said."

Jeff Mohan, AT&T's executive director for Einstein, was more forthcoming earlier this year. He told Federal News Radio: "With these services, we will provide a secure portal from the agency's infrastructure, or Intranet to the public internet. There is a technical aspect, which is routers, firewalls and that sort of thing that applies these security capabilities across that portal and looks a Internet traffic that comes from public Internet to Intranet and vice versa."

The "technical aspect" will also provide federal agencies the ability to capture, sort, read and then store Americans' private communications in huge data bases run by NSA.

Mohan said that AT&T will provide the state with "optional services such as scanning e-mail and placing filters on agency networks to keep malicious e-mail off the network as well as forensic and storage capabilities also are available through MTIPS [Managed Trusted Internet Protocol Services]."

In addition to AT&T, other private partners awarded contracts under the General Services Administration's MTIPS which has a built-in "Einstein enclave" include: Sprint, L3 Communications, Qwest, MCI, General Dynamics and Verizon, according to multiple reports published by Federal Computer Week.

Claiming that the state is "looking for malicious content, not a love note to someone with a dot-gov e-mail address," a former unnamed "senior Bush administration official" told the Post "what we're interested in is finding the code, the thing that will do the network harm, not reading the e-mail itself."

Try selling that to the tens of millions of Americans whose private communications have been illegally spied upon by the Bush and Obama administrations or leftist dissidents singled-out for "special handling" by the national security state's public-private surveillance partnership!

An Electronic Spider's Web

As the "global war on terror" morphs into an endless war on our democratic rights, the NSA is expanding domestic operations by "decentralizing its massive computer hubs," The Salt Lake Tribunerevealed.

The agency "will build a 1-million-square-foot data center at Utah's Camp Williams," the newspaper disclosed July 1. The new facility would be NSA's third major data center. In 2007, the agency announced plans to build a second data center in San Antonio, Texas after the Baltimore Sun reported that NSA had "maxed out" the electric capacity of the Baltimore area's power grid.

The San Antonio Currentreported in December, that the NSA's Texas Cryptology Center will cost "upwards of $130 million." The 470,000 square-foot-facility is adjacent to a similar center constructed by software giant Microsoft. Investigative journalist James Bamford told the Current that under current law "NSA could gain access to Microsoft's stored data without even a warrant, but merely a fiber-optic cable."

A follow-up article by The Salt Lake Tribunereported that the facility will cost upwards of $2 billion dollars and that funds have already been appropriated by the Obama administration for NSA's new data center and listening post.

The secretive agency released a statement Thursday acknowledging the selection of Camp Williams as a site for the new center and describing it as "a specialized facility that houses computer systems and supporting equipment."

Budget documents provide a more detailed picture of the facility and its mission. The supercomputers in the center will be part of the NSA's signal intelligence program, which seeks to "gain a decisive information advantage for the nation and our allies under all circumstances" according to the documents. (Matthew D. LaPlante, "New NSA Center Unveiled in Budget Documents," The Salt Lake Tribune, July 2, 2009)

Not everyone is pleased with the announcement. Steve Erickson, the director of the antiwar Citizens Education Project told the Tribune, "Finally, the Patriot Act has a home."

While the total cost of rolling-out the Einstein 3 system is classified, The Wall Street Journal reports that "the price tag was expected to exceed $2 billion." And as with other national security state initiatives, it is the American people who are footing the bill for the destruction of our democratic rights.

5 comments:

I have documents pertaining to allegations of illegal electronic surveillance, obstruction of justice & making false statements in writing to Congress in regards to the documented "existence" of a federal internal affairs investigation which the U.S. Marshals Service denied existed when questioned by Congress. Please review the supporting information within my website. Thank you.

I realize that these things are purposefully difficult to discover, but how do you think the "Stellar Wind" relates to the Main Core database?

And, as a side note from an astronomer, I don't quite get the "Stellar Wind" name. This program sucks in data from throughout space and time; it should be called "Black Hole." Unless, of course, they mean to imply that their grand plan represents a Stellar Wind of tyranny.

While I may suspect that Stellar Wind may very well be feeding what has been called the highly-secretive, and illegal, Main Core database, I have no proof and therefore, anything I wrote alleging such a connection would be purely speculative.

Having said that, I don't doubt for a nanosecond that enterprising security agencies, particularly the FBI, are busy as proverbial bees compiling updated "enemies lists" in the best tradition of J. Edgar Hoover and Richard Nixon.

I like your "Black Hole" analogy: once data has been sucked in, it never escapes!

I came across this article when looking for current status on the older NSA mass-intercept warrantless-wiretapping program started under the Bush administration. While I am wary of mission-creep (and creeps with a mission), on the surface this particular program is not unreasonable.

Take this is order....

Should government systems be protected from outside attack? Yes, they should.

Is there a chance that government systems will be attacked by (unfriendly) state-sponsored crackers with first-class skills? Yes, I'd say this is certain.

How could we best handle the mismatch in skills between your typical system administrator and first-class crackers? There are a very large (and growing) number government sites on the internet. Securing each individual system will be chancy, as there will always be mistakes. What you need is a sort of common firewall around all government systems.

(This is a bit more than your usual firewall - call it a network defensive system.)

Who has the greatest expertise and is best suited to build and maintain a network defensive system, able to handle the most sophisticated attacks? The NSA should be far ahead of pretty much everyone in this area.

If you were tasked with building a network defensive system to secure all government systems, and you were competent, this is logically how you would proceed. If they stick to the mission described, then this sort of system makes sense. We very much want our government systems to be secure.

By analogy, where the older mass-intercept program is like someone reading and copying all mail and conversations, the newer program is more like installing an alarm system. We should be wary and insure that they do not go off-mission, but as citizens this is something we very much do want our government to build.

I remember flus in the 80's that closed schools on their own, without gov't assistance. Businesses shut down because there was no one able to be off the toilet for more than 10 minutes or able to climb a flight of stairs without losing a lung. I'm pretty sure there were a lot of deaths from these outbreaks as well. I guess the attitude "Take advantage of a crisis" hadn't been fully realized by Big Pharma and the manufacturers of Police State gear and facilities.

About Me

A researcher and activist based in the San Francisco Bay Area. In addition to publishing in Covert Action Quarterly, Love & Rage and Antifa Forum, I am the editor of Police State America: U.S. Military "Civil Disturbance" Planning, distributed by AK Press.